vpn site-to-site issues with a cisco asa

Discussion in 'Networking & Security' started by Hybrid_theory, Jul 13, 2010.

  1. Hybrid_theory

    Hybrid_theory New Member

    Joined:
    Mar 31, 2007
    Messages:
    1,895 (0.71/day)
    Thanks Received:
    163
    Location:
    ontario canada
    Not a bad idea, but I do need to specify source and destination address, which you can only do for source if I recall.
  2. dir_d

    dir_d

    Joined:
    Sep 1, 2009
    Messages:
    848 (0.48/day)
    Thanks Received:
    110
    Location:
    Manteca, Ca
    Yes, on the interface that you wanted the crypto map on; then you are supposed to do the same on the other device. Well, that's the way I've always known it.
  3. Hybrid_theory

    Hybrid_theory New Member

    HAH. Just entered a standard ACL, and when I tried to match the crypto map to it, it says the access-list should be of type extended.
  4. Hybrid_theory

    Hybrid_theory New Member

    :banghead: Ugh!!! I changed the ACL from outbound_tunnel to the number 101, AND IT WORKED!!!!!!! I could connect and everything. So to solve the original problem I tried power cycling WITHOUT SAVING THE CONFIG. So I set it to a numbered ACL, but it still won't establish. Just says "received encrypted packet with no matching SA, dropping".
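An added check, not from this thread or from Cisco: a small Python script that parses constructed ASA config snippets (the ACL and crypto map names, addresses and the two-line-shape parser are assumptions) and flags crypto map entries bound to a standard ACL, as the ASA rejected above, and extended entries that have no source/destination mirror in the peer's crypto ACL.

```python
import re

# Constructed ASA config snippets (not from the thread): a local ASA and its peer.
LOCAL_CONFIG = """
access-list outbound_tunnel standard permit 192.168.1.0 255.255.255.0
access-list 101 extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
crypto map outside_map 10 match address outbound_tunnel
crypto map outside_map 20 match address 101
"""
PEER_CONFIG = """
access-list 101 extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map outside_map 10 match address 101
"""

# Only the two line shapes this check needs; real ASA ACL syntax is broader.
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(standard|extended)\s+permit\s+"
                    r"(?:ip\s+)?(\S+)\s+(\S+)(?:\s+(\S+)\s+(\S+))?$")
MAP_RE = re.compile(r"^crypto map\s+(\S+)\s+(\d+)\s+match address\s+(\S+)$")


def parse(config):
    """Return ({acl_name: {"type", "entries"}}, [(map_name, seq, acl_name)])."""
    acls, maps = {}, []
    for line in config.strip().splitlines():
        if m := ACL_RE.match(line.strip()):
            name, kind, src, smask, dst, dmask = m.groups()
            acl = acls.setdefault(name, {"type": kind, "entries": []})
            acl["entries"].append((src, smask, dst, dmask))  # dst None if standard
        elif m := MAP_RE.match(line.strip()):
            maps.append((m.group(1), int(m.group(2)), m.group(3)))
    return acls, maps


def check_crypto_acls(local_cfg, peer_cfg):
    """Flag map entries with a missing/non-extended ACL or no mirror on the peer."""
    local_acls, local_maps = parse(local_cfg)
    peer_acls, _ = parse(peer_cfg)
    peer_entries = {e for a in peer_acls.values() if a["type"] == "extended"
                    for e in a["entries"]}
    problems = []
    for name, seq, acl in local_maps:
        if acl not in local_acls:
            problems.append(f"{name} {seq}: ACL {acl} is not defined")
        elif local_acls[acl]["type"] != "extended":
            problems.append(f"{name} {seq}: ACL {acl} must be extended, not "
                            f"{local_acls[acl]['type']}")
        else:
            for src, smask, dst, dmask in local_acls[acl]["entries"]:
                if (dst, dmask, src, smask) not in peer_entries:
                    problems.append(f"{name} {seq}: peer has no mirror of "
                                    f"{src}/{smask} -> {dst}/{dmask}")
    return problems
```

Running it against the two snippets reports only the map entry bound to the standard ACL; the numbered extended ACL and its mirror on the peer pass.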
  5. dir_d

    dir_d

    Sounds like the Cisco IOS is being picky with the extended ACLs.
  6. Hybrid_theory

    Hybrid_theory New Member

    Yeah, definitely; I'd go as far as to say that's a bug. The guides I followed, some used a number, others had a name. Just didn't think much of it; searching on the Cisco support forums I found a suggestion for that.